- 2022 -- Pcaps for January 2022 OISF Webinar about IcedID activity
- 2022 -- Training Material for 2022 Pcap Analysis Workshop
- 2022-12-29 -- Google ad --> fake Adobe Reader page --> malware
- 2022-12-28 -- Link from USPS-themed email pushes NetSupport RAT
- 2022-12-21 -- Files for an ISC diary (malicious Google ads)
- 2022-12-20 -- IcedID (Bokbot) infection with Cobalt Strike
- 2022-12-14 -- Pcap and malware for an ISC diary (IcedID)
- 2022-12-09 -- HTML smuggling leads to Qakbot, distribution/botnet tag: azd
- 2022-12-07 -- Bumblebee infection with Cobalt Strike
- 2022-12-01 -- Files for an ISC diary (obama224 Qakbot)
- 2022-11-28 -- BB08 Qakbot (Qbot) infection with Cobalt Strike and VNC traffic
- 2022-11-22 -- AgentTesla and RemcosRAT from malspam
- 2022-11-17 -- Bumblebee malware infection
- 2022-11-14 -- obama221 Qakbot (Qbot) infection with Cobalt Strike and VNC traffic
- 2022-11-11 -- IcedID (Bokbot) infection with VNC traffic
- 2022-11-07 -- Emotet (epoch4) infection with IcedID (Bokbot) and Bumblebee malware
- 2022-11-03 -- Emotet infection with IcedID (Bokbot)
- 2022-10-31 -- IcedID (Bokbot) infection with BackConnect, Keyhole VNC & Cobalt Strike
- 2022-10-17 -- IcedID (Bokbot) infection with Cobalt Strike
- 2022-10-14 -- bb02 Qakbot (Qbot) infection
- 2022-10-12 -- IcedID (Bokbot) --> Cobalt Strike
- 2022-10-10 -- Qakbot (Qbot) infection with Cobalt Strike
- 2022-10-06 -- HTML smuggling --> IcedID (Bokbot) --> Cobalt Strike
- 2022-10-04 -- HTML smuggling --> IcedID (Bokbot) --> Cobalt Strike
- 2022-10-03 -- Three days of traffic from scans/probes hitting a web server
- 2022-09-30 -- Fifteen days of traffic from scans/probes hitting a web server
- 2022-09-29 -- Qakbot (Qbot) infection with Cobalt Strike
- 2022-09-23 -- IcedID (Bokbot) infection with Cobalt Strike
- 2022-09-21 -- Astaroth (Guildma) infection from Brazil malspam
- 2022-09-15 -- Thirteen days of traffic from scans/probes hitting a web server
- Still working on restoring these 2021 blog posts.